Rebecca Javeleau of Hertfordshire, England was planning to host a small gathering of friends for her upcoming fifteenth birthday party on October 7 at her home. As any girl nearing the end of her tween years would do, Rebecca proceeded to invite her guests via Facebook. However, she made a critical error — after posting her cell phone number and home address, she failed to unclick the box that states, “Anyone can view and RSVP (public event).” As a result over 21,000 people did view and RSVP (including fake profiles of Justin Bieber, Susan Boyle, and Stephen Hawking), causing her mother to angrily cancel the party. Because the event gained so much popularity, other Facebook members created new groups reassuring eager party-goers that the party would go on as planned. The police are now involved, planning to patrol the area on the night of October 7. All of this raises concerns over the website’s privacy controls, especially for young social networkers.

Just how easy is it to make Rebecca’s mistake? To create an event on Facebook, a host or hostess must fill out a simple template before an official invitation can be posted. First, fill in the blanks: Date, time, occasion, venue, and “more info.” Then, create the guest list. Lastly, and arguably most importantly, either check or uncheck the boxes at the bottom saying “Anyone can view and RSVP (public event),” and “Show the guest list on the event page.” The default setting has these two boxes checked, which probably explains why Rebecca glanced over them in completing her event invitation.

In its defense to claims of lax privacy controls, Facebook asserts that the privacy settings for events are separate from profile privacy settings and are “clearly indicated.” Additionally, users can help police suspicious activity by flagging and reporting them to the company. In an interview in May with Time magazine, Facebook creator Mark Zuckerberg, 26, defined the company’s mission as making the world “more open and connected.” As Rebecca discovered, Zuckerberg is attempting to “[build] a web where the default is social.”

Facebook’s privacy department is no stranger to legal allegations. This summer a law firm in Canada filed a lawsuit against the company, hoping to achieve class action certification, challenging Facebook’s decision to change its privacy controls back in 2009 without consent. According to the complaint, “Facebook intentionally or negligently designs its privacy policies . . . to mislead and induce users into putting their personal information and privacy further at risk.” The complaint also alleges that Facebook breached its contract with users not to publish previously private information. The case now awaits certification as a class action, and the allegations have yet to be proven.